IETF Logo Mail Archive

Re: [IPv6] Adoption call for draft-bctb-6man-rfc6296-bis

Nick Buraglio <buraglio@forwardingplane.net> Mon, 18 March 2024 13:48 UTC

Return-Path: <buraglio@forwardingplane.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96757C18DB8B for <ipv6@ietfa.amsl.com>; Mon, 18 Mar 2024 06:48:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=forwardingplane.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7At1YpEECncm for <ipv6@ietfa.amsl.com>; Mon, 18 Mar 2024 06:48:04 -0700 (PDT)
Received: from mail-qv1-xf35.google.com (mail-qv1-xf35.google.com [IPv6:2607:f8b0:4864:20::f35]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 773BBC180B5A for <ipv6@ietf.org>; Mon, 18 Mar 2024 06:48:04 -0700 (PDT)
Received: by mail-qv1-xf35.google.com with SMTP id 6a1803df08f44-690d7a8f904so43889516d6.1 for <ipv6@ietf.org>; Mon, 18 Mar 2024 06:48:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=forwardingplane.net; s=google; t=1710769683; x=1711374483; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=+/17Ry2CbMo8D8NZ0WFT0KVoztidC9DPDTVBmc7Q+K8=; b=EsJarrBTq7YPxlr0WR0ZveraY96d2WS3b31SadyqbihJeS5+6/uTEesmU5ijMAwltB DJ5NnBFmdzWTNVZD1JaOBlhom0kAy6oep4NtmGfJSShMc23NPTLuVPzwLy2z8ZpKyAlO S7epaySn0tiGmDVrJRGQ9flwYgk7zRioIwLLs=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710769683; x=1711374483; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=+/17Ry2CbMo8D8NZ0WFT0KVoztidC9DPDTVBmc7Q+K8=; b=vpvnmLCTdKqW5QNN6bEWFDRbRCTDVY2yRdSKWC0YdTxqwv4gAi8329Nqd2jGIP/aRV nUllEdn6vgYzGkPJAif5gzs9NZBMf60dfGVLAxzTKGON3aG33dpGGnPAsjMfliu+ND5A OBnFZVyPF+wAzwD8F+eOrb+3cRGxRDNEp445CJ2aAZ94SQCow7gSIhpRKqdoM+bbd5E7 3w0KrELpM0UYlWCNJqa+t1ylcdXSIW3VVMDsRyPdhbpdjpRAr/9/OsPlAOe4SEvvgxn/ Kcv+RPny5qZFAcsWKMCmoeWGTs1FR5j+ugjWtJH4Ipuy6sSm+J/eSBJ4IYTAk0hPFJku VvXw==
X-Forwarded-Encrypted: i=1; AJvYcCVAmnsHqyTZdPcwG8KUzJOrUftBt93jKW1qnm2CwxT2duV10UwwGMQsPjIiqCfQY8dSHq2W5cedIo0Irduw
X-Gm-Message-State: AOJu0YyyL0QsObifurU3qYlVB0CKXFqpYb5ms4Sd49KlnyxtQjrcEPwL Ifn2BQ5CxwbkfJ10EFpE+S1v4I26i6OkMMYQqKtzDku6S36YrNLZQ4ZKqTy+pX9NhLiB4pa/0pp n9+Z1NDmKrMGIMrqRk+AQ8U1Q8xykFRGwuo2reszoINDeHZbQqg==
X-Google-Smtp-Source: AGHT+IGy6s5bnQYCwRcefA56mPfirsM1unxcKRTuZeWZCzH6qXEIaPD9LRmQt9PTcbUvxRE5FibWSny0QE8aRi655eY=
X-Received: by 2002:a05:6214:4114:b0:696:14e6:9cd with SMTP id kc20-20020a056214411400b0069614e609cdmr6038966qvb.23.1710769683350; Mon, 18 Mar 2024 06:48:03 -0700 (PDT)
MIME-Version: 1.0
References: <df333346-f108-3782-0ff5-4bd85d7b49ac@gmail.com> <015F13BE-32F7-4C8B-8C86-C9153FE9C9E9@employees.org> <CAPt1N1mr+YLQjHf6wKK__-K1-Rywtg0K03DpwZZRz6USHOKfhA@mail.gmail.com> <39de45b5-eca1-d627-dac2-abe47f2e7bca@gmail.com> <CAPt1N1nwVSo=D9PXGAj9Hi5RUAK46aR_3P3kCLByDYXSN-UomA@mail.gmail.com> <645a37c1-6d3c-af54-e9ff-c743f07293b6@gmail.com>
In-Reply-To: <645a37c1-6d3c-af54-e9ff-c743f07293b6@gmail.com>
From: Nick Buraglio <buraglio@forwardingplane.net>
Date: Mon, 18 Mar 2024 08:47:52 -0500
Message-ID: <CACMsEX-rXO6CWwmBy81AaAUBr7seZugVjVjUZSOxMia9VcnVpw@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Ted Lemon <mellon@fugue.com>, IPv6 List <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000044e51e0613ef9bd9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/FdAbl9AjVPDZ7eiFbDnxlkpvNiw>
Subject: Re: [IPv6] Adoption call for draft-bctb-6man-rfc6296-bis
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Mar 2024 13:48:08 -0000

On Mon, Mar 18, 2024 at 1:22 AM Brian E Carpenter <
brian.e.carpenter@gmail.com> wrote:

> On 18-Mar-24 19:04, Ted Lemon wrote:
> > On Mon, Mar 18, 2024 at 3:42 PM Brian E Carpenter <
> brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com>> wrote:
> >
> >      > whether indeed this is the right technical approach to solving
> the problem of renumbering sites (that is, don't renumber them)
> >
> >     That's only part of it. The other, equally important, point is
> multiprovider multihoming for sites too small to justify a PI prefix.
> >
> >
> > I think that was assumed in my comment—I was assuming that the problem
> is that the site is using the prefix assigned by the ISP.
>
> Yes. But in MHMP, there are two ISPs and two prefixes.
> >
> >     Another, debatable but real, is a user requirement to obfuscate
> internal addresses.
> >
> >
> > This feels like not our problem.
>
> But it is, because the absence of an IETF-recommended solution causes
> people to go away from IPv6 entirely. There's evidence of this in the
> archives of this list (or possibly v6ops).
>

Not only that, but in the absence of guidance, a potpourri of random,
almost certainly worse solutions will be created, deployed, and have no
discernable or common support model outside of vendor lock-in or an
otherwise inflexible proprietary solution. So the real question is "what is
worse?". In the quest for ideal, we have trended toward vilifying what is
tolerable even if it is imperfect.

>
> >     We have failed for a quarter of a century to solve all three of
> these problems. Is that OK?
>

I would argue that it is not.
See above about perfect being the enemy of the good (perhaps not good, but
less bad).

> >
> >
> > Yes, I think it's okay. We are trying produce something new that is
> actually better. IPv4 already solves these problems. If you want to
> obfuscate internal addresses, you can always use IPv4 internally and NAT64
> to the IPv6 Internet.
>

The requirement for obfuscation is, in my experience, not necessarily
rooted in anything other than a bit of a misguided understanding of what
middle box vendors and end user CPE touted as security - conflation of
SPI + NAT44 == "Firewall". Like it or not, that has 25 years of tradition
that has worked its way into compliance requirements (there are a myriad of
threads on this in v6ops dating back many years) and worse yet the
generations of engineers that were not around pre NAT44, which is most at
this point, don't often consider a world without it. I say this not to make
excuses or cases, but to simply illustrate that it is larger than "bad" or
"good". It is just "current state".



> If that's the answer, where's the BCP explaining how to do it? And why is
> NPTv6 worse?
>
> >
> > My point being, if we really are trying to produce something usefully
> different than what we already have with the NATted IPv4 Internet, we
> should make sure we are actually doing that. If IPv6 is just IPv4 with a
> wider address, we've already really done a lot of work we didn't need to do.
>

That has been done. This is simply an implementation detail.


> We agree on that. But we agreed on that 25 years ago *and we didn't solve
> it*.
>
> That's why I remain against NPTv6 going on the standards track, because it
> would still be nice to find a solution with no translation at all.
>

I will say this - even with the experimental label this technology has done
two things and this is largely because it is tolerable, well thought out,
and solves a problem. It has:

Made it into a very notable amount of both FOSS and high end commercial
hardware as a supported solution, and

Been deployed in very large, high visibility production roles.

If that does not illustrate something surpassing "experimental" then I
propose that those definitions are unclear to most folks that don't read
RFCs and drafts on a very regular basis and is counter to the definition: "The
"Experimental" designation typically denotes a specification that is part
of some research or development effort.".
The change in status simply recognizes that fairly indisputable fact. I
believe we have a "solution with no translation". Where the solution falls
down is in cases described as much, much larger issues that are seemingly
endemic - multihoming being an absolutely massive elephant in the room.
I would absolutely love for there to be a better way, and I will more than
happily move on when there is one. However, given what is available *now*,
leaving it as experimental will not slow the current support in vendor
implementations. It will also not prevent the deployment in the cases where
it does actually solve a problem. It's a pragmatic stop-gap until / unless
there becomes a more elegant answer.

Would I personally prefer an answer that is not NPTv6? Sure. But I also
have deployed it *in production* because it is useful and solved a problem
that there was not a better solution for.



>
>     Brian
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email